General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 428 Views
  • 0 replies
  • 2 Likes

Netconnect and Zscaler issue

Hi,

somebody tried to use a cloud based proxy provider like zscaler to use together with Netconnect.ssl vpn ?

The proxy uses AD authentication to make sure the client is a member of....customer. No problem so far.

When the user wants to initiate a Netco

...

gejac by Not applicable
  • 3467 Views
  • 1 replies
  • 0 Likes

Resolved! Number of Users on Local Database

Hi all.

Palo Alto have Local Database to define User.

But I do not know the number of users that PA can create and manage by Local Database.

Pls help me know.

Thanks.

dat.tran by L2 Linker
  • 3928 Views
  • 1 replies
  • 0 Likes

Additional authentication for specific zone

Hello everyone,

Is it possible to request an additional authentication for a specific zone with PAN-OS 5.0?

The requirement would be to have regular userauthenticated through regular ActiveDirectory/NTLM for regular zones. However for very sensitive zo

...

A general web proxy server deployment with PAN box

Hi All,

I think this topic has been discussed in the past, but I want to be clear about this deployment

since web proxy server design is still typical in many customer's live network. So please allow me to bring this again.

2 basic deployments are ment

...

tomimma by L1 Bithead
  • 3923 Views
  • 5 replies
  • 0 Likes

Allowing some protocols from any user/port?

I am curious what others are doing for some protocols:  Examples:  DNS, ocsp, STUN, meraki, apple push notification, etc.  It seems to me that these sorts of things could be let go for pretty much all users, anytime and be excluded from the captive p

...

BobW by L4 Transporter
  • 2895 Views
  • 2 replies
  • 0 Likes

Blocking pictures with GPS Data

I'd like to use the PA to block pictures that contain GPS exif data in jpeg, tiff, and other uploads to social media sites.  Has anyone done this already?  

PANoJAM by Not applicable
  • 3152 Views
  • 4 replies
  • 0 Likes

Commit failed

Hi everybody,

Device: PA-2050

Firmware: 4.0.1

we are getting this error message when we try a commit.

What is happening when this appears and what can we do?

A rollback to a further config version is not helping.

Error message:

Management server failed to s

...

indevis by L2 Linker
  • 11024 Views
  • 15 replies
  • 0 Likes

Monitoring - source user not shown in log

Although the "agentID client" is installed on one of our domain controller boxes, I find that when using MONITOR log to look at the traffic, it doesn't show the "source user" of whom is currently logged in via Active Directory. Any idea why?

In additi

...

Resolved! PA-500 IPsec VPN

Hi all,

I have a general VPN tunnel question.. Was do the status lights on the IPsec tunnel indicate (see below)? I understand green is goo and red is bad, what I don't know is why is there two? I can surmise that the second one is the "IKE Gateway/Sa

...

Resolved! BGP in a cluster deployment

hi!

I was wondering how to use BGP in a HA active/standby deployment? a common design with floating IP addresses (HSRP/VRRP like) is to use two additional switches to connect to two upstream ISPs so a link failure doesn't result in an active member ta

...

santonic by L6 Presenter
  • 9033 Views
  • 6 replies
  • 0 Likes

Resolved! Site to site VPN issue

Folks.

I have an issue with some site-to-site configurations that is bugging the cr*p out of me, and I thought I'd post it here.

I run some site-to-site VPN's (Palo Alto to Cisco 887 routers) which come up fine, but which seem to defy *all* configurati

...

darren_g by L4 Transporter
  • 2571 Views
  • 1 replies
  • 0 Likes

Resolved! Moving from Global Protect 1.1.6 -> 1.1.7

I believe moving away from 1.1.6 now requires a trusted certificate?  I have about 600 remote users on 1.1.6.. trying to get to the latest rev (1.2.1) without any user interruption.  I tested with our QA firerwall and I am getting certificate errors.

...

rrau by L3 Networker
  • 2182 Views
  • 2 replies
  • 0 Likes
  • 23698 Posts
  • 110 Subscriptions
Top Solution Authors
Labels